To only allow traffic that originates from Amazon CloudFront and AWS WAF's IP range, you need to be informed of AWS IP changes. AWS notifies users of service IP changes through a public Amazon Simple Notification Service (SNS) topic that gives service IP ranges in JSON format. Leveraging the integration between Amazon SNS and AWS Lambda, this lab demonstrates a way to automatically update security groups with these new IPs.
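The update step described above reduces to a set difference between the CloudFront prefixes in the published JSON and the CIDRs the security group currently allows. The following is an added example, not the lab's own Lambda code: the sample document, the `current_rules` set, and the function names are constructed for illustration, and the EC2 calls that would apply the resulting plan are left out so it runs offline.

```python
import ipaddress
import json

# Constructed sample in the shape of AWS's published ip-ranges.json;
# the CIDRs are documentation ranges, not real AWS prefixes.
SAMPLE_DOC = json.loads("""
{"syncToken": "0", "prefixes": [
  {"ip_prefix": "192.0.2.0/24",    "region": "GLOBAL",    "service": "AMAZON"},
  {"ip_prefix": "192.0.2.0/24",    "region": "GLOBAL",    "service": "CLOUDFRONT"},
  {"ip_prefix": "198.51.100.0/25", "region": "GLOBAL",    "service": "CLOUDFRONT"},
  {"ip_prefix": "203.0.113.0/24",  "region": "us-east-1", "service": "EC2"}
]}
""")


def service_cidrs(doc, service="CLOUDFRONT"):
    """Return the validated IPv4 CIDRs that the document lists for one service."""
    cidrs = set()
    for entry in doc.get("prefixes", []):
        if entry.get("service") != service:
            continue
        # ip_network raises ValueError on a malformed prefix or stray host bits.
        net = ipaddress.ip_network(entry["ip_prefix"])
        if net.prefixlen == 0:
            raise ValueError("refusing catch-all prefix in " + service + " ranges")
        cidrs.add(str(net))
    return cidrs


def plan_update(current, desired):
    """Diff the group's current ingress CIDRs against the desired set."""
    if not desired:
        # An empty result means a bad download or a wrong service name; keep the
        # existing rules instead of revoking every allowed source.
        raise ValueError("no prefixes found; leaving security group unchanged")
    return sorted(desired - current), sorted(current - desired)


if __name__ == "__main__":
    # Hypothetical current state of the security group (constructed).
    current_rules = {"192.0.2.0/24", "203.0.113.128/25"}
    to_authorize, to_revoke = plan_update(current_rules, service_cidrs(SAMPLE_DOC))
    print("authorize:", to_authorize)
    print("revoke:", to_revoke)
```

Authorizing the new prefixes before revoking the stale ones avoids a window in which legitimate CloudFront traffic is dropped.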

Topics Covered

After completing this lab, you should be able to:

Create VPC Security Groups

Create an IAM Policy

Create an AWS Lambda function

Test a Lambda function with sample events

Subscribe the Lambda function to an Amazon SNS topic

Technical knowledge prerequisites

This lab is intended for AWS learners. To successfully complete this lab, you should be familiar with AWS services including Amazon EC2, VPC Security Groups, Identity and Access Management (IAM) Roles and Policies, and Amazon Simple Notification Service (SNS). You should be comfortable logging into and using the AWS Management Console.